I read about a new strain of malware that is using TOR as a command-and-control server and enables TOR on Android devices. How can I detect if TOR is running on an Android device and what should I do to protect the device from such issues?
Malware and manual attackers have been using the anonymous Web browser TOR for command and control communications in their attacks for years. TOR is designed to protect an individual's privacy by creating an overlay network on the Internet that is not directly traceable by outside parties. Adding TOR functionality to malware is much like adding 64-bit support or a fast-flux domain name system to Windows malware -- the attack is just adopting capabilities found elsewhere to further its exploit.
Mobile and Android malware is following the same development lifecycle and has many of the same goals as traditional malware. Adding TOR functionality makes the tracking of the command-and-control infrastructure much more difficult. One such variety of malware, Backdoor.AndroidOS.Torec.a, uses the Orbot TOR client's functionality, but it doesn't impersonate the actual Orbot TOR client.
You could detect TOR on Android devices by either monitoring the network or checking the device itself. To monitor the network, look for TOR IP traffic or for misconfigured applications that try to look up .onion domain names. To check the local device, monitor data usage or look at sent SMS messages to see if there are any messages there that the user didn't send.
To protect devices from malware using TOR, you must first protect the device from malware itself. There are numerous antimalware and other security tools that can be run on the device, but another key to remaining secure is only using trusted app stores and apps in the first place.
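The network-side checks the answer describes (flagging `.onion` lookups that leak to the resolver and flows to known Tor relays) can be automated. The following is an added example, not part of the original Q&A; its log formats, sample lines and relay addresses are constructed, and in practice the relay set would be filled from a current Tor relay or exit list rather than hard-coded.

```python
import re

# Constructed stand-in for a downloaded Tor relay/exit list; these are
# documentation-range placeholder addresses, not real relays.
KNOWN_TOR_RELAYS = {"198.51.100.7", "203.0.113.42"}
# Tor's default ORPort/DirPort. Heuristic only: relays may use any port,
# so treat a hit here as lower confidence than a relay-list match.
TOR_DEFAULT_PORTS = {9001, 9030}

# Constructed log formats used by this example:
#   "<ts> dns <client_ip> <qname>"
#   "<ts> flow <src_ip> <dst_ip>:<dst_port> <bytes>"
DNS_RE = re.compile(r"^(\S+) dns (\S+) (\S+)$")
FLOW_RE = re.compile(r"^(\S+) flow (\S+) (\S+):(\d+) (\d+)$")


def detect_tor(lines):
    """Return a list of (device_ip, reason) findings from log lines."""
    findings = []
    for line in lines:
        m = DNS_RE.match(line)
        if m:
            _ts, client, qname = m.groups()
            # .onion is a reserved special-use TLD (RFC 7686). It should never
            # reach a normal resolver, so a query for it points at a Tor client
            # on that device whose traffic is not fully routed through Tor.
            if qname.lower().rstrip(".").endswith(".onion"):
                findings.append((client, f"onion lookup {qname}"))
            continue
        m = FLOW_RE.match(line)
        if m:
            _ts, src, dst, port, _nbytes = m.groups()
            if dst in KNOWN_TOR_RELAYS:
                findings.append((src, f"flow to known Tor relay {dst}:{port}"))
            elif int(port) in TOR_DEFAULT_PORTS:
                findings.append((src, f"flow to Tor default port {dst}:{port}"))
    return findings


def devices_flagged(findings):
    """Collapse findings to the set of device IPs worth a closer look."""
    return {device for device, _reason in findings}


# Constructed sample log: one device leaks a .onion lookup and talks to a
# listed relay; another only touches a default Tor port.
SAMPLE_LOG = [
    "2024-01-01T10:00:00Z dns 10.0.0.5 example.com",
    "2024-01-01T10:00:01Z dns 10.0.0.5 abcdefghijklmnop.onion",
    "2024-01-01T10:00:02Z flow 10.0.0.5 198.51.100.7:443 5120",
    "2024-01-01T10:00:03Z flow 10.0.0.8 192.0.2.10:9001 880",
    "2024-01-01T10:00:04Z flow 10.0.0.8 192.0.2.20:443 1200",
]

if __name__ == "__main__":
    for device, reason in detect_tor(SAMPLE_LOG):
        print(device, reason)
```

Flagged devices are where the on-device checks from the answer (unexpected data usage, SMS messages the user did not send) should be applied next.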
Related Q&A from Nick Lewis